abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:45

Target

abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83.exe
Size

79KB
MD5

10e4d59815441fd9feaaa1aa21c9f0b3
SHA1

3f29b047e0fe51b7693bd6dc26e7cffac6173782
SHA256

abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83
SHA512

8d1710e29974886810a8a23cad34a5461e45c0fa9608c5a135abd9cb47f0c0af1acbc4f491c58a7beeed32249d799184456bced2bde585a32dd3ddad046bb884
SSDEEP

1536:zvWVp8E5yc1l8OUhOQA8AkqUhMb2nuy5wgIP0CSJ+5yfB8GMGlZ5G:zvAiLOhGdqU7uy5w9WMyfN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2160 [email protected]
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

2096 cmd.exe
2096 cmd.exe

pid	process
2160	[email protected]

pid	process
2096	cmd.exe
2096	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83.execmd.exe

description	pid	process	target process
PID 3020 wrote to memory of 2096	3020	abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83.exe	cmd.exe
PID 3020 wrote to memory of 2096	3020	abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83.exe	cmd.exe
PID 3020 wrote to memory of 2096	3020	abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83.exe	cmd.exe
PID 3020 wrote to memory of 2096	3020	abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83.exe	cmd.exe
PID 2096 wrote to memory of 2160	2096	cmd.exe	[email protected]
PID 2096 wrote to memory of 2160	2096	cmd.exe	[email protected]
PID 2096 wrote to memory of 2160	2096	cmd.exe	[email protected]
PID 2096 wrote to memory of 2160	2096	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83.exe
"C:\Users\Admin\AppData\Local\Temp\abf32fbc5bd23158cd997ecd6963ff5258985e7fd8064887cc3d9bcb6e28cc83.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3020

C:\Users\Admin\AppData\Local\Temp\[email protected]
[email protected]
3⤵
- Executes dropped EXE
PID:2160

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1b3f829d417fc51ee8b90fbfbda1f454

SHA1
645de02e21dbcfe4a1194fb9d0d34b01ab2ba9c2

SHA256
58254d3e8c5a6062db7ff11b30cba9d0e893e3484d125fcdaa313cf89357db77

SHA512
cc8478ea1bd12f46bad7b91cef97e02c9ade337455c11fd385636458388463b93c65f59687127d083627363a398a8a17fdb02fd5df78c00a69872ac212f6ae13

Download Submit
memory/2160-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3020-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download